Feldsam/show ban info page #5796
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
feldsam
force-pushed
the
feldsam/show-ban-info-page
branch
from
a47999d
to
91079b2
Compare
Signed-off-by: Kristian Feldsam <feldsam@gmail.com>
feldsam
force-pushed
the
feldsam/show-ban-info-page
branch
from
91079b2
to
873863f
Compare
Just with behavioural check. Signed-off-by: Kristian Feldsam <feldsam@gmail.com>
|
I've added a simple self-unban page that features a behavioral check to enhance user autonomy and maintain security. This update allows users to address accidental bans efficiently while ensuring the process isn't exploited by automated systems. Looking forward to your feedback! |
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
milkmaker
added
the
stale
|
@DerLinkman @FreddleSpl0it hello, would somebody review this? Thanks! |
milkmaker
removed
the
stale
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces a significant enhancement to our netfilter functionality, addressing the problem of incorrectly configured devices which could lock out entire company branches. To mitigate this issue and enhance our network security posture, the following changes have been implemented:
Netfilter Modifications: The netfilter image has been updated to always allow TCP traffic on ports 80 and 443. This adjustment ensures that, despite any broad blocking rules, essential web traffic remains uninterrupted. Please note that this change is currently applied only to the IPTables module; integration with NFTables is pending and will require further contributions.
OpenResty Integration: By leveraging the OpenResty nginx image, which includes integrated support for Lua and Redis, I've established a robust mechanism for dynamic response based on IP reputation. Specifically, the nginx
location / {}directive now includes a Lua script to check against theF2B_ACTIVE_BANSandF2B_PERM_BANSin Redis. If an IP is found to be blacklisted, the user is redirected to a custom 403 page explaining the block.Future Enhancements: While the current implementation focuses on notifying users of a block, plans for future updates include the introduction of a self-service unban feature. This capability would allow users to resolve accidental bans autonomously, reducing administrative overhead and improving user experience.
Your feedback and contributions, especially regarding the integration with NFTables and the development of the self-service unban feature, are highly welcomed and appreciated.